Language Selection

English French German Italian Portuguese Spanish

Microsoft, Linux vendors slow to fix flaw

Filed under
Security

Colin Percival detailed the vulnerability -- which affects versions of Intel's CPU that use a technology called hyper-threading -- at a conference on May 13.

The vulnerability could allow hackers to steal sensitive information such as passwords on servers configured to allow multiple users to login simultaneously.

The FreeBSD security team member has received formal responses to the issue from the makers of the BSD family of open-source operating systems, as well as SCO and Ubuntu Linux. However, Linux vendors Red Hat, Novell and Mandriva as well as Microsoft have been slow to act.

"Given that I reported this problem in early March, I really think that they [Microsoft and Linux vendors] should have had a patch over a month ago -- in time to test it extensively before releasing it on May 13th," Percival told ZDNet Australia .

"I made it quite clear to everyone that I would be releasing my paper on that date and that they should make sure they were ready by then," he added.

Although the problem only affects multi-user servers, these machines are widely used. "The most obvious example is shared Web servers, which constitutes the vast majority of small e-commerce sites," he said. "On these systems the flaw is very serious."

Full Story.

More in Tux Machines

today's howtos

Android Leftovers

University students create award-winning open source projects

In my short time working for Clarkson University, I've realized what a huge impact this small university is making on the open source world. Our 4,300 student-strong science and technology-focused institution, located just south of the Canadian border in Potsdam, New York, hosts the Clarkson Open Source Institute (COSI), dedicated to promoting open source software and providing equipment and support for student projects. While many universities offer opportunities for students to get involved in open source projects, it's rare to have an entire institute dedicated to promoting open source development. COSI is part of Clarkson's Applied Computer Science Labs within the computer science department. It, along with the Internet Teaching Lab and the Virtual Reality Lab, is run by students (supported by faculty advisers), allowing them to gain experience in managing both facilities and projects while still undergraduates. Read more

Linux 4.17-rc2

So rc2 is out, and things look fairly normal. The diff looks a bit unusual, with the tools subdirectory dominating, with 30%+ of the whole diff. Mostly perf and test scripts. But if you ignore that, the rest looks fairly usual. Arch updates (s390 and x86 dominate) and drivers (networking, gpu, HID, mmc, misc) are the bulk of it, with misc other changes all over (filesystems, core kernel, networking, docs). We've still got some known fallout from the merge window, but it shouldn't affect most normal configurations, so go out and test. Linus Read more Also: Upstream Linux support for new NXP i.MX8